How it started: This hotel has a TV with a barcode I can scan to control the TV from my phone???
How's it going:
(screenshot edited to remove most of the cookie)
The natural urge of hackers when they see some new networked thingy is to hack it. Simple knowledge of the TV set in the previous screenshot appears to be insufficient to control the TV; I also need the session cookie that was given by following the QR code.
So what you see in the screenshot is the minimum HTTP request (that normally comes from browsers) that I can craft by hand to change the channel.
In first grade, my mom got me a "Brainteaser" book that was way too advanced for my grade level, which I read obsessively, learning such things as the frequency of letters (ETAONS...) to solve cryptograms, among other things.
Both my parents valued learning and were reading books or taking classes all the time. They both inspired me that anything was in my grasp to learn if I tried. So I learned how things worked, including computers.
A lot of hacking is simply taking the time to learn that thing that everyone else believes to be unnecessarily or too complicated beyond their abilities. I took the time.
Should I explain this magic trick and ruin it for everyone? Yea, I suppose so. There's a couple useful cybersecurity analogies. Here it goes. twitter.com/i/events/13877…
First of all, David Blaine has one main trick: showing you the clip where people are amazed, not that other tricks done poorly. You feel amazed because they are amazed, even though the trick is really no more amazing than any other card trick.
Second of all, the video is cut. It doesn't show the setup ahead of time -- that's a suspicious arrangement of fruit there on the counter.
Apple created this wonderfully privacy-protecting contact-tracing app technology. Few (in the U.S.) actually installed it.
Now they want privacy-destroying vaccine passport apps imposed on people to force political correctness rather than health.
Vaccine passports aren't about health, since almost all the danger the unvaccinated have is toward other unvaccinated people. Thus, requiring vaccine passports to attend a concert is silly.
Vaccines aren't about personal protection or individual incidents of infecting others. Instead, they are about herd immunity, getting the number of infections down from 50k/day to 1k/day.
So I discovered that the 'ping' latency in Speedtest.net is a lie, at least for DOCSIS cable modems. It says 10ms, but it's closer to 40ms for most people. That's the minimum latency added by cable modem technology.
In the above speed test, I opened Wireshark to capture the session, then looked at the "TCP round-trip time". As you can see, I'm getting around 25ms round-trip. This is DOCSIS 3.1 w/ AQM. DOCSIS 3.0 was giving me about 45ms to the same server.
This is a known issue of DOCSIS cable-modem technology, dealing with the fact that multiple customers can't transmit at the same time. When the cable is lightly utilized, it adds 10ms latency. When heavily loaded, it can go up to 100ms.
People: "You should listen to the CDC on masks"
Also people: <have no clue what the CDC says about masks>
That's demonstrated by the following story which is unaware that CDC has always recommended UNvaccinated people can jog or bike or hang out with household members outside.
Here's a page from March, for example. Outdoor activities like walking, running, and biking are safe for UNvaccinated people as long as you social distance from strangers.
Scroll down on that page and see the unmasked, unvaccinated people jogging and walking their dog.